Thanks. Let me figure out possible alternatives.
On 3 March 2016 at 00:20, Simo Sorce <s...@redhat.com> wrote: > > > On Wed, 2016-03-02 at 16:25 +0530, Prashant Bapat wrote: > > Thanks. But my problem is not OTP per se but Kerberos thru Java. > > Specifically i'm getting below error. > > > > javax.security.auth.login.LoginException: Pre-authentication information > > was invalid (24) - PREAUTH_FAILED > > at > > > com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:804) > > Caused by: sun.security.krb5.KrbException: Pre-authentication information > > was invalid (24) - PREAUTH_FAILED > > at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:82) > > Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match > > expected value (906) > > at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) > > > > Any pointers ? > > Unfortunately Java tends to lag way behind with Krb5 and GSSAPI featurs > an APIs (years behind). In this case what happens is that your Java > module probably does not support FAST preauth. > > > On 1 March 2016 at 21:01, Alexander Bokovoy <aboko...@redhat.com> wrote: > > > > > On Tue, 01 Mar 2016, Prashant Bapat wrote: > > > > > >> Hi, > > >> > > >> I'm trying to use Shibboleth IdP with FreeIPA and Kerberos > Authentication. > > >> I'm aware of Ipsilon, just that Shibboleth is more suited for my use > case. > > >> > > >> I've installed ipa-client on a server and connected it to ipa. > Shibboleth > > >> is installed on this server and I'm able to get the Kerberos > > >> authentication > > >> working. Documented here > > >> < > > >> > https://wiki.shibboleth.net/confluence/display/IDP30/KerberosAuthnConfiguration > > >> > > > >> . > > >> > > >> However if I bring OTP into picture, authentication fails. Error > message > > >> is > > >> like "Pre-authentication information was invalid (24) - > PREAUTH_FAILED". > > >> > > >> Any pointers on how to make OTP work? > > >> > > > http://www.freeipa.org/page/V4/OTP > > > http://www.freeipa.org/page/V4/OTP/Detail > > > > > > -- > > > / Alexander Bokovoy > > > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project > > > -- > Simo Sorce * Red Hat, Inc * New York > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project